Tech News: Truecaller fixed a bug in its Guardian app that could let hackers monitor customer information.
Just last week, Truecaller launched a brand-new Guardian application designed to let customers share their location and various essential details with people at home for security purposes. While some had only just started testing the application, a significant bug was detected shortly after its launch, one that could expose customers' credentials to hackers.
According to a TNW report, security researcher Anand Prakash discovered a vulnerability in the Guardian app and notified Truecaller of the problem on March 4. Prakash notes that the bug was found in the app's “Log in with Truecaller API”, which meant that an attacker could gain full control of a user's account simply by using that user's phone number to log in. Hackers could intercept the API request and change the phone number in it to gain access to a user's account. This account takeover allowed the hacker to add himself as a trusted contact in another user's profile.
The bug also allowed the hacker to view a customer's relationship details along with names, start dates, phone numbers, and areas of residence, as per the report.
While the thinking behind the Guardian app is to share important data with relations and several trusted contacts to stay protected while commuting, the bug posed a critical threat to customers' credentials. Thankfully, the problem was recognized by Truecaller, which fixed it on the same day.
“In this case, the problem reported by Anand was due to a development configuration implemented by mistake during the launch phase. Our engineers were already implementing a solution at the time of its presentation to ensure user safety,” said Truecaller.